[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [FD] CSC-Cart RCE - CVE-2017-15673
From: "oric one" <oric-1 () gmx ! com>
Date: 2017-11-28 11:35:48
Message-ID: trinity-2e1ba3a4-efea-44b3-9c66-09815709a0aa-1511868948789 () 3c-app-mailcom-bs05
[Download RAW message or body]
1. Yes, it should have been cs-cart. This was a sloppy and stupid mistake.
2. I believe I do and I believe my intended mail gave full disclosure. It appears though that \
the mail body may not have been sent. The contents taken from my sent messages says:
**** Summary
CS Cart is a PHP based shopping cart software, which is hosted either locally or by the company \
cs-cart company. It has a vulnerability in the administration section, which allows full remote \
code execution on the server.
This has been allocated CVE-2017-15673
**** Vendor of Product
cs-cart.com
**** Affected Product Code Base
CS-Cart - 4.6.2 and Some Previous
**** Attack Vectors
A custom page can be created as part of the files function in the
administration section. It is possible to give this page a .php
filetype and fill it with valid PHP code. This can then be saved in a
location which allows the pages to be executed as PHP, therefore
gaining access to the whole server.
Unless you suggest otherwise I will correct the header, remove the asterisks and ensure it is \
sent as text only.
Thanks
> Sent: Saturday, November 25, 2017 at 4:13 AM
> From: jericho <jericho@attrition.org>
> To: "oric one" <oric-1@gmx.com>
> Cc: "Full Disclosure" <fulldisclosure@seclists.org>
> Subject: re: CSC-Cart RCE - CVE-2017-15673
>
> 1. Do you mean CS-Cart? 2. Do you understand what 'full disclosure' means? - jericho
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic